Big Data – and big security issues

The massive Equifax data breach was a top technology story of 2017. According to a Federal Trade Commission notice released last September, “If you have a credit report, there’s a good chance that you’re one of the 143 million American consumers whose personal information was exposed. The breach lasted from mid-May through July 2017. The hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers, credit card numbers, and dispute documents with personal identifying information.”

How was such a stunning data breach possible? The answer is depressingly simple: Equifax did not to patch their website, even though they were previously warned of known vulnerabilities. In other words, human error that the hackers exploited.

Are such lapses common? Again, depressingly, yes.

In December 2017, CNET reported another data breach affecting 123 million US households. The leak occurred in October on an unsecured cloud-based server that was left online by marketing analytics company Alteryx. Ironically, the repository contained data belonging to Experian, an Equifax competitor.

It’s no better in 2018. Just yesterday, Bell Canada announced a data breach affecting 100,000 customers.

Complexity is the bane of security, and today’s big data systems are exceedingly complex. A major difference between hacks a few years ago and today’s attacks is that the data is extensive and stored online, not on private networks. Anyone with the right tools or skills can get access to the treasure trove – and they do it all the time.

These data breaches are primarily software-based, but hardware is not immune. Two devastating microprocessor security vulnerabilities, called “Spectre” and “Meltdown,” were recently disclosed by Google researchers. Chips from Intel, AMD, and ARM are potentially affected by this design exploit, going back a decade or more. These chips are in everything we use: smartphones, laptops, tablets, and so on. The exploit allows the capture of sensitive data on the chip, including passwords and cryptographic keys.

I have little doubt the vulnerability has been exploited by national security agencies worldwide for some time. If I was truly paranoid, I’d say the design flaw was devilishly deliberate. A cunning plan to hide a back door for those with the keys to gain unfettered access.

In the era of big data today, privacy is dead and security a mirage.

The Center for Technology & Society’s next Tech Talk is on “Big Data, Privacy, and Security.” The talk takes place Friday, Feb. 2, at 8:00 p.m. in Florida Tech’s Olin 118 auditorium. The talk is free and open to the public. Seating is limited, so please register online at http://www.fit.edu/lifelong-scholar-society/techtalks.php, call 321-674-8382, or email pdpregistration@fit.edu

Scott Tilley is a professor at the Florida Institute of Technology in Melbourne. Contact him at TechnologyToday@srtilley.com.